CVE-2025-29927
None
Github link:
https://github.com/Naveen-005/Next.Js-middleware-bypass-vulnerability-CVE-2025-29927
None
Github link:
https://github.com/Naveen-005/Next.Js-middleware-bypass-vulnerability-CVE-2025-29927
GitHub
GitHub - Naveen-005/Next.Js-middleware-bypass-vulnerability-CVE-2025-29927: A basic proof of concept of the CVE-2025-29927 vulnerability…
A basic proof of concept of the CVE-2025-29927 vulnerability that allows to bypass the middleware scripts. - Naveen-005/Next.Js-middleware-bypass-vulnerability-CVE-2025-29927
CVE-2023-27163
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
Github link:
https://github.com/G4sp4rCS/htb-sau-automated
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
Github link:
https://github.com/G4sp4rCS/htb-sau-automated
GitHub
GitHub - G4sp4rCS/htb-sau-automated: SSRF CVE-2023-27163 + maltrail vuln RCE
SSRF CVE-2023-27163 + maltrail vuln RCE. Contribute to G4sp4rCS/htb-sau-automated development by creating an account on GitHub.
CVE-2024-25600
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.
Github link:
https://github.com/cboss43/CVE-2024-25600
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.
Github link:
https://github.com/cboss43/CVE-2024-25600
CVE-2021-38163
SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable.
Github link:
https://github.com/purpleteam-ru/CVE-2021-38163
SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable.
Github link:
https://github.com/purpleteam-ru/CVE-2021-38163
GitHub
GitHub - purpleteam-ru/CVE-2021-38163: CVE-2021-38163 - SAP NetWeaver AS Java Desynchronization Vulnerability
CVE-2021-38163 - SAP NetWeaver AS Java Desynchronization Vulnerability - purpleteam-ru/CVE-2021-38163
CVE-2018-19422
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
Github link:
https://github.com/Drew-Alleman/CVE-2018-19422
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
Github link:
https://github.com/Drew-Alleman/CVE-2018-19422
GitHub
GitHub - Drew-Alleman/CVE-2018-19422: Subrion File Upload Bypass to RCE and Custom File Upload (Authenticated)
Subrion File Upload Bypass to RCE and Custom File Upload (Authenticated) - Drew-Alleman/CVE-2018-19422